Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4171 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file. | |||||
| CVE-2005-4168 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. | |||||
| CVE-2005-4167 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php. | |||||
| CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2008-09-05 | 9.4 HIGH | N/A |
| Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | |||||
| CVE-2005-4155 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2008-09-05 | 7.5 HIGH | N/A |
| registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor. | |||||
| CVE-2005-4130 | 1 Realnetworks | 1 Realplayer | 2008-09-05 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2005-4126 | 1 Realnetworks | 1 Realplayer | 2008-09-05 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2005-4076 | 1 Appfluent Technology | 1 Database Ids | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable. | |||||
| CVE-2005-4029 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 5.0 MEDIUM | N/A |
| WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods. | |||||
| CVE-2005-4028 | 1 Amember | 1 Amember | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php. | |||||
| CVE-2005-4025 | 1 Help Desk Reloaded | 1 Free Help Desk | 2008-09-05 | 7.5 HIGH | N/A |
| Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. | |||||
| CVE-2005-4002 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 4.0 MEDIUM | N/A |
| WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | |||||
| CVE-2005-3992 | 1 Wineggdropshell | 1 Wineggdropshell | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | |||||
| CVE-2005-3987 | 1 Tradesoft | 1 Tradesoft Cms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
| CVE-2005-3957 | 1 Dotclear | 1 Dotclear | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. | |||||
| CVE-2005-3919 | 1 Pblang | 1 Pblang | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php. | |||||
| CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2008-09-05 | 7.8 HIGH | N/A |
| Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2005-3856 | 1 Krusader | 1 Krusader | 2008-09-05 | 4.0 MEDIUM | N/A |
| The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites. | |||||
| CVE-2005-3854 | 1 Easypagecms | 1 Easypagecms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2005-3782 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 2.1 LOW | N/A |
| Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. | |||||